SOAP Authentication to the webservice on proxy side

Google Cloud Apigee
1

Hi there,

I’m Matthieu DELMAS, and this is my first post on Apigee questions. Yeeah :slight_smile:

So i’m blocking on something that might be very simple..

  1. What am i doing?

    As the title of question says, i want to create an API proxy on a SOAP service. And this works fine “basically”.

    But now i have to split some part of SOAP “envelope”, to handle security between Apigee and the Webservice directly in Apigee (not from the client-side).
    What i need, is get the Body part of SOAP message provided by the client request (with postman setup) AND the Header part directly in some apigee policy that the client dont have to pass it each request because Apigee is doing it alone.

    The solution seems to be the AssignMessage component using . it works with http headers, but not with the … of the SOAP envelope..

    More interesting thing is, i can use to set the entire SOAP envelope, but again, not my point here…

  2. What am i seeing?

    As expected, the request doesn’t contains the …, even after apigee AssigneMessage policy it’s the same ..

    Client (Postman) printscreen:

    6525-postman.png
    6525-postman.png980×798 119 KB

    Apigee AssignMessage printscreen:

    6526-assignmessage.png
    6526-assignmessage.png963×375 70.2 KB

    Apigee trace printscreen :

    6527-trace.png
    6527-trace.png1411×456 90.5 KB

    You can see here that it added my http header Matthieu-DETECTION with the of AssignMessage component, but there is no … in SOAP envelope..

  3. What are you expecting to see?

    What i finally want is, that because of of the AssignMessage (or other) component, the soapenv:Header…</soapenv:Header> added in the SOAP envelope like this :
    soapenv:Envelope
    soapenv:Header</soapenv:Header> // Added by Apigee on each request for this proxy
    soapenv:Body</soapenv:Header> // provided by client initiale request
    </soapenv:Envelope>

Ok, i hope you have enougth infos, just ask if not.

Thanks for helping me there !

Matthieu

ps: i love Apigee :slight_smile:

2

Okay my bad. I found a simple solution :

6529-solution.png
6529-solution.png939×498 55 KB

I going to try improving “form parameters” to a simple JSON . Nvm, Hope this can help someone ^^

Matt

1 Like
3

Yess - correct. The AssignMEssage Add/Headers section can be used to add HTTP Headers, but cannot be used to add SOAP Headers.

Use the Set/Payload section to set a SOAP message, including headers.

If you have a SOAP payload and want to modify it, to inject SOAP Headers, you won’t be able to do that cleanly with AssignMessage. In that case, you may need to use the XSLT policy, or one of the custom Java policies that inserts headers.

ex1: wssec-signing https://github.com/DinoChiesa/ApigeeEdge-Java-WsSec-Signature

ex2: Edit-Xml-Node https://github.com/DinoChiesa/ApigeeEdge-Java-Add-Xml-Node

4

Now i have it improved for my purpose : having a proxy apigee for SOAP WS that get simple JSON in body in request and use this body to feed SOAP body, but handling SOAP header in the proxy ! so cool :slight_smile:

for curious hackers :

I (very simply) extract JSON body :

6530-extractjsonbody.png
6530-extractjsonbody.png981×653 81.4 KB

and use theses variables in the AssigneMessage :

6531-newassignmessage.png
6531-newassignmessage.png1187×721 89.2 KB

Important point is order of the policies in the PreFlow of Proxy Endpoints :

6533-orderpoliciesflow.png

Ok with this, we can now send JSON body to feed the SOAP body, and handle the SOAP header in the AssignMessage policy, with this usecase it’s to create a Yousign signature initialiization (just for curious).

My next step is to do same for REST to SOAP to REST proxy kind :slight_smile: hope this can help someone
Matt